Inherited Features
Feature descriptions found in this chapter are inherited (forward merged) from the following Oracle Communications Session Border Controller releases:
- S-CZ7.3.0M3
- S-CZ7.4.1
The S-CZ8.1.0 GA documentation set does not include the following features:
Bootparameter Security for R226
An Oracle Communications Session Border Controller ignores attempts to modify security-related boot flags from the ACLI. The OCSBC still supports changing security-related boot flags through the bootloader. See the "R226 Security Recommendation Compliance" chapter in the ACLI Reference Guide.
SHA2 Password Hashing
The Oracle Communications Session Border Controller supports SHA-2 hashing of user login passwords. The OCSBC hashes passwords using a randomly generated salt with 65532 iterations of the SHA-512 algorithm. See the "R226 Security Recommendation Compliance" chapter in the ACLI Reference Guide.
SFTP Access Restrictions for R226
In the default restricted mode, the normal user and admin user are restricted from adding, deleting, renaming, or modifying sensitive system files when accessing the file system with SFTP. Although setting the boot flag to 0x01000000 allows access to sensitive files, if the ANSSI R226 Compliance entitlement is enabled, all boot flags are reset to zero during a reboot and can only be set through the bootloader.
See the "R226 Security Recommendation Compliance" chapter in the ACLI Reference Guide.
Import SSH Keys as Host Keys
The Oracle Communications Session Border Controller supports importing externally generated SSH keys to replace the internally generated SSH host keys. Because the OCSBC derives the public key from the private key, only the externally generated private key needs to be imported. The OCSBC uses these keys when it functions as an SSH server. The OCSBC supports RSA or DSA key lengths of 1024, 2048, 3072, or 4096 bits. See "Import Private SSH Key to Derive New SSH Host Keys" in the ACLI Configuration Guide.
Import a Private SSH Key
As an alternative to relying on the SSH keys generated by the Oracle Communications Session Border Controller, customers may import externally generated SSH keys for any configured public-key element. Because the OCSBC derives the public key from the private key, only the private key needs to be imported, and any previously generated keys for this public-key element will be overwritten. The OCSBC uses these keys when it functions as an SFTP client. See "Import a Private SSH Key for the OCSBC as an SFTP Client" in the ACLI Configuration Guide.
Delete an SSH Key
You can delete private keys from the system individually. See "Delete an SSH Key" in the ACLI Configuration Guide.
Secure the ACP Comm Link with TLS
You can use the Transport Layer Security (TLS) protocol to secure the communications link between the Oracle Communications Session Border Controller (OCSBC) and the Oracle Communications Session Delivery Manager (SDM). Note that the systems use Acme Control Protocol (ACP) for this messaging. See "Securing Communications Between the OCSBC and SDM with TLS" in the ACLI Configuration Guide.
AAA Authentication for ACP
To authenticate SDM by way of an external AAA server connected to the OCSBC, the OCSBC supports ACP authentication using the HTTP Basic Authentication Scheme. By using ACP over TLS, the OCSBC exchanges RADIUS or TACACS+ encrypted passwords and shared keys securely. See the Administrative Security Guide.